Decryption problem

Werner Koch
Wed, 15 Sep 1999 09:10:15 +0200

Johan Wevers <> writes:

> No, for real (non-commercial) use. And I don't care that it is patented.
> I use IDEA (and RSA, but I'm outside the US) with 2.x anyway.
Don't let Ascom know this. They even require license fees when IDEA is used by charities.
> I'm not using it for encryption, but I reasoned that it wouldn't hurt to be
> able to decrypt messages encrypted with Skipjack.
There is a reason for displaying the message "Experimental algorithms should not be used": the identifiers used to describe the algorithms are not standard and there will be interoperability problems with other implementations or versions of a software.
> BTW, I'm trying to make an RC5 module myself to see if I really understand
IIRC, RC5 is patented ;-)
> the code. I'm only confused what to do with the fact that my RC5 example
> code gets pointers to 32 bits quantities and the gpg code needs byte*'s, but
> I guess this subject is more appropriate for the developer list.
Most ciphers operate on full words. Have a look at the other ciphers or hash functions to see how to convert words into an octet string.
> 2.x compatibility is required since some of my correspondents use 2.x
> versions and I don't want to force them to upgrade. However I consider
> changing to a pgp 5 compatible key because the MD5 algorithm is not really
> considered safe anymore. Being compatible when just using conventional
That is simply not true. There is evidence that in the near future the calculation of collisions may be done on a regular basis and therefore you should not use it in a DL signature algorithm, because this could compromise your secret key.

One solution for the PGP 2 compatibility is to tweak PGP 2 to use CAST5 instead of IDEA: You have only to change the idea_xxx functions to use CAST5 instead (very easy as the key and block size is the same as IDEA - in contrast to 3DES) and change the algorithm identifiers from 1 (IDEA) to 3 (CAST5). If you have such a PGP 2, you can still use your RSA keys; there is no need to worry about the IDEA patent. Of course you will not be able to decrypt IDEA messages - a header line telling about this special PGP 2 version could help.

IMHO, such a patched version of pgp 2.6.3 makes sense and is not too much work. You might want to call it pgpcast5 or something like this.

-- 
Werner Koch at keyid 621CC013
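As an added illustration of the word-versus-octet point above (this is not code from the thread, from GnuPG, or from Johan's module), here is a minimal RC5-32/12/b in C: the cipher core works on 32-bit words exactly as Rivest's reference code does, and a thin wrapper with a GnuPG-style byte* signature unpacks and repacks little-endian words around it. The function names and the wrapper signature are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
/* RC5-32/12/b: 32-bit words, 12 rounds, b-byte key (b <= 255). */
#define RC5_R 12
#define RC5_T (2 * (RC5_R + 1))
#define ROTL(x, y) (((x) << ((y) & 31)) | ((x) >> ((32 - ((y) & 31)) & 31)))
#define ROTR(x, y) (((x) >> ((y) & 31)) | ((x) << ((32 - ((y) & 31)) & 31)))
/* RC5 is specified little-endian: the first octet is the low byte of a word.
 * These two helpers are the whole byte*-to-word bridge (names assumed). */
uint32_t load32le(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
void store32le(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)v;         p[1] = (unsigned char)(v >> 8);
    p[2] = (unsigned char)(v >> 16); p[3] = (unsigned char)(v >> 24);
}
/* Key expansion (Rivest's algorithm): pack key octets into words L, then mix into S. */
int rc5_setkey(uint32_t S[RC5_T], const unsigned char *key, size_t keylen) {
    uint32_t L[64] = {0}, A = 0, B = 0;
    size_t c = keylen ? (keylen + 3) / 4 : 1, i = 0, j = 0;
    size_t n = 3 * ((size_t)RC5_T > c ? (size_t)RC5_T : c);
    if (keylen > 255) return -1;                  /* reject oversize keys before touching them */
    for (size_t k = keylen; k-- > 0;) L[k / 4] = (L[k / 4] << 8) + key[k];
    S[0] = 0xB7E15163u;                                            /* P_32 */
    for (int k = 1; k < RC5_T; k++) S[k] = S[k - 1] + 0x9E3779B9u; /* Q_32 */
    for (size_t k = 0; k < n; k++) {
        A = S[i] = ROTL(S[i] + A + B, 3);
        B = L[j] = ROTL(L[j] + A + B, A + B);
        i = (i + 1) % RC5_T; j = (j + 1) % c;
    }
    return 0;
}
/* The cipher core works on two words, exactly like the reference code. */
void rc5_encrypt_words(const uint32_t S[RC5_T], uint32_t *a, uint32_t *b) {
    uint32_t A = *a + S[0], B = *b + S[1];
    for (int i = 1; i <= RC5_R; i++) { A = ROTL(A ^ B, B) + S[2 * i]; B = ROTL(B ^ A, A) + S[2 * i + 1]; }
    *a = A; *b = B;
}
void rc5_decrypt_words(const uint32_t S[RC5_T], uint32_t *a, uint32_t *b) {
    uint32_t A = *a, B = *b;
    for (int i = RC5_R; i >= 1; i--) { B = ROTR(B - S[2 * i + 1], A) ^ A; A = ROTR(A - S[2 * i], B) ^ B; }
    *a = A - S[0]; *b = B - S[1];
}
/* Octet-string wrapper with the byte* shape a GnuPG cipher module needs (assumed signature). */
void rc5_crypt_block(const uint32_t S[RC5_T], unsigned char *out,
                     const unsigned char *in, int decrypt) {
    uint32_t a = load32le(in), b = load32le(in + 4);
    if (decrypt) rc5_decrypt_words(S, &a, &b); else rc5_encrypt_words(S, &a, &b);
    store32le(out, a); store32le(out + 4, b);
}
```

The same load/store pair is what makes a module portable: the word core never sees the host's byte order, only the wrapper does.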